<?xml version="1.0" encoding="utf-8" ?>
    <access-policy>
      <cross-domain-access>
       <policy>
          <allow-from http-request-headers="*">
            <domain uri="*"/>
          </allow-from>
          <grant-to>
            <resource include-subpaths="true" path="/"/>
          </grant-to>
       </policy>
      </cross-domain-access>
    </access-policy>